What is GDPR? [EN]

Purpose & objectives: The purpose of the GDPR is to harmonize data protection laws across all the member states AND end distortions of competition. This should make it easier for EU citizens to understand how their data is being used, and also raise any request or complaint. Therefore, the GDPR has 2 main objectives: ensure that personal data are protected and ensure that EU residents rights are protected.

Scope: The GDPR applies to any company established within the EU territory and when an EU resident is involved in a data processing, whatever company’s citizenship.

Main aims of GDPR:

Creating a unified approach to data protection across the EU

Strengthening EU residents’ rights in the global economy

Giving individuals full control over all their personal data

Improving levels of compliance

Giving companies a sense of responsibility by developing self-control

The GDPR is an evolution of the past legislation, not a revolution. Indeed, The GDPR strengthens many existing principles and introduces more rights for individuals in the use of their personal data. It demands more to companies in terms of accountability for their use of personal data and enhances the existing rights of individuals. Many of the fundamentals principles such as fairness, transparency, accuracy, security, minimization and respect for the rights of the individual whose data is processed are the same and exist for a long time.

However, there are new provisions to comply with and the main important ones are:

The introduction of new rights for the data subjects: the right to be forgotten, the right to data portability, a special protection for the minors and the profiling limitation

The shared responsibility between the data controller and the data processor

The severe penalties: fines of up to €20 million or 4% global turnover & compensation claims for damages suffered

The extension of the territorial scope to any processing concerning an EU resident, whatever it is located in the EU or not